Octopus Analysis

IOB - Indicator of Behavior (304)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 264
ru: 10
zh: 8
pl: 6
de: 6

Country

us: 148
ru: 30
cn: 18
om: 6
br: 4

Product

Cryptocat: 10
Apache HTTP Server: 6
Microsoft Windows: 6
Linux Kernel: 6
WordPress: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.53 | CVE-2009-4935 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.68 | CVE-2010-0966 |
| 4 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.56 | CVE-2007-0354 |
| 5 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.23 | |
| 6 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00285 | 0.05 | CVE-2012-3268 |
| 7 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00209 | 0.04 | CVE-2009-2441 |
| 8 | Apache Struts ExceptionDelegator input validation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.33127 | 0.04 | CVE-2012-0391 |
| 9 | Schneider Electric Vijeo Designer path traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.00 | CVE-2021-22704 |
| 10 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.10 | CVE-2020-15906 |
| 11 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.34 | CVE-2014-2230 |
| 12 | Hscripts PHP File Browser Script index.php path traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2018-16549 |
| 13 | WEKA INTEREST Security Scanner HTTP denial of service | 3.7 | 3.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00044 | 0.04 | CVE-2017-20011 |
| 14 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.23 | CVE-2014-4078 |
| 15 | Working Resources BadBlue Server Installation phptest.php information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01437 | 0.00 | CVE-2004-2374 |
| 16 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.07 | CVE-2008-5928 |
| 17 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.94 | CVE-2020-12440 |
| 18 | Microsoft Windows Win32k Privilege Escalation | 8.3 | 7.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.00148 | 0.03 | CVE-2021-40449 |
| 19 | Sphinx missing authentication | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.01038 | 0.03 | CVE-2019-14511 |
| 20 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.23 | CVE-2015-1419 |

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (147)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (14)

The following list contains external sources which discuss the actor and the associated activities:
